Is Your Network Safe?

Just a few years ago, plants didn't have to worry about the safety of their networks. From an IT point of view, plants were silos -- succinct and secure. That changed over the past decade. To improve efficiency, plants connected out to the company's back office and beyond to suppliers and customers.

The increased connectivity gives the business office insight into what the plant is producing, what orders are complete, and what new supplies need to be ordered. The network can alert customers that a shipment is on the way. It can also alert suppliers that a new shipment is needed. Most of the connectivity runs along Internet connections.

This extended network prompted a battle between the organization's IT team and the control folks on the factory floor. IT is accustomed to adding patches late at night, when the office employees are gone. A quick reboot, and everything is fine when the office employees show up the next morning. With plant networks, that's not so easy. If a plant is running 24/7, you can't add patches and reboot without shutting down the plant.

In addition, the plant is now vulnerable to hacking. When automation and control managers discuss this challenge, the vulnerability that most worries plant employees is not terrorists, hackers, or competitors -- it's disgruntled employees. Who else would know how to crack the system, push the right buttons, and pull the right levers to disrupt the network?

Design News will present a radio show on this topic on Thursday, Dec. 6, at 12:00 p.m. EST. It's free and open to all. You can sign up for the program, "Network Security: Don't Get Hacked." The presenter is Eric J. Byres, CTO and vice president of engineering of Tofino Security and one of the leading experts on network security. During the half-hour presentation (followed by a half-hour of online chat), Eric will discuss the challenges and solutions for securing your network.

I see what you mean. But Ethernet has been invading the factory since the late 80s, and began to infiltrate the back end--the plant floor--around that time in some industries, even if it was only cobbled together custom attempts at interfacing the control system with early IT networks. So the conflicts began over 20 years ago.

One very simple and inexpensive way to hack a company's network has been described to me, and it would work in a lot of places, particularly those where the system hub is in a closet, not a server room. All a visitor would need is a cheap wireless router and an Ethernet cable. Plug the cable into the system hub and then into the router, plug in the router, and place it above the dropped ceiling of the closet. The company network could then be accessed by anyone with the router password, within range. And if the hack were discovered, finding the snooper would not be simple, because of the wireless link.

It seems to make sense, Ann. Yet I think the struggle between control engineers and IT folks is fairly recent. For decades, the plant floor was run on networks that were not linked out to the company's back office and supply chain. As for these teams that include control and IT, a lot of that movement seems to have come from vendors as a suggested best practice.

Yes, Ann, in successful deployments now, many companies are creating these IT/control teams. Some of this comes through vendor encouragement. Apparently, these teams have been successful at reconciling the needs for 24/7 plant uptime and IT concerns over security.

Yes, it is a good question, Chuck. When plants were silos, safety wasn't a concern. That has really changed in recent years. Plant networks now connect out to ERP systems and supply chain partners. Another thing that has changed is the use of energy. Ten years ago plants didn't care about energy savings. Wow, has that changed.

Me too, Charles. In the old days at the semiconductor company I worked at, as a member of test engineering I was also expected to help with keeping everybody's computers up and running. We never thought much about network security beyond the barebones administrator privileges. With the increase in interconnectivity and establishment of IT departments, computer security has become so much more than guarding against a virus attacking your computer - so much so that some companies have gone to the extreme. I have a friend that works for an engineering company and he can't even download datasheets because of the security settings by their IT department. If there is no activity on his keyboard for longer than five minutes it automatically logs him out. It would be nice for companies like that to adapt different strategies where the network is kept secure but the employees can still access the data they need. I am surprised to read that disgruntled employees are feared the most - I would think it would be unethical competitors...but then the disgruntled employees that leave may become the unethical competitors. It always astounds me how much time and energy people devote to such a destructive and dishonest practice as hacking, often with no logical return except for the accomplishment they feel in being able to do it - if they directed their energy to honest productivity they would be so much better off...
